Firefly Iii@* Security Vulnerabilities and Issues — Firefly Iii@* CVE List

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same acces...

5.4CVSS5.3AI score0.00225EPSS

Web

CVE•added 2019/07/18 3:15 a.m.•41 views

CVE-2019-13646

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability

5.4CVSS5.3AI score0.00281EPSS

CVE•added 2019/07/18 3:15 a.m.•38 views

CVE-2019-13645

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in or...

5.4CVSS5.3AI score0.00281EPSS

Web

CVE•added 2021/10/19 1:15 p.m.•38 views

CVE-2021-3846

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

8.8CVSS7.2AI score0.00237EPSS

CVE•added 2019/07/18 3:15 a.m.•35 views

CVE-2019-13647

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in ...

5.4CVSS5.3AI score0.00206EPSS

Web

CVE•added 2023/04/01 2:15 a.m.•33 views

CVE-2023-1789

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

9.8CVSS7.2AI score0.00038EPSS